IoT Hacking – A Primer

IF 0.9 Q4 TELECOMMUNICATIONS

Infocommunications Journal Pub Date : 2019-01-01 DOI:10.36244/icj.2019.2.1

Dorottya Papp, Kristóf Tamás, Levente Buttyán

{"title":"IoT Hacking – A Primer","authors":"Dorottya Papp, Kristóf Tamás, Levente Buttyán","doi":"10.36244/icj.2019.2.1","DOIUrl":null,"url":null,"abstract":"The Internet of Things (IoT) enables many new and exciting applications, but it also creates a number of new risks related to information security. Several recent attacks on IoT devices and systems illustrate that they are notoriously insecure. It has also been shown that a major part of the attacks resulted in full adversarial control over IoT devices, and the reason for this is that IoT devices themselves are weakly protected and they often cannot resist even the most basic attacks. Penetration testing or ethical hacking of IoT devices can help discovering and fixing their vulnerabilities that, if exploited, can result in highly undesirable conditions, including damage of expensive physical equipment or even loss of human life. In this paper, we give a basic introduction into hacking IoT devices. We give an overview on the methods and tools for hardware hacking, firmware extraction and unpacking, and performing basic firmware analysis. We also provide a survey on recent research on more advanced firmware analysis methods, including static and dynamic analysis of binaries, taint analysis, fuzzing, and symbolic execution techniques. By giving an overview on both practical methods and readily available tools as well as current scientific research efforts, our work can be useful for both practitioners and academic researchers.","PeriodicalId":42504,"journal":{"name":"Infocommunications Journal","volume":"32 1","pages":""},"PeriodicalIF":0.9000,"publicationDate":"2019-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Infocommunications Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.36244/icj.2019.2.1","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 8

Abstract

The Internet of Things (IoT) enables many new and exciting applications, but it also creates a number of new risks related to information security. Several recent attacks on IoT devices and systems illustrate that they are notoriously insecure. It has also been shown that a major part of the attacks resulted in full adversarial control over IoT devices, and the reason for this is that IoT devices themselves are weakly protected and they often cannot resist even the most basic attacks. Penetration testing or ethical hacking of IoT devices can help discovering and fixing their vulnerabilities that, if exploited, can result in highly undesirable conditions, including damage of expensive physical equipment or even loss of human life. In this paper, we give a basic introduction into hacking IoT devices. We give an overview on the methods and tools for hardware hacking, firmware extraction and unpacking, and performing basic firmware analysis. We also provide a survey on recent research on more advanced firmware analysis methods, including static and dynamic analysis of binaries, taint analysis, fuzzing, and symbolic execution techniques. By giving an overview on both practical methods and readily available tools as well as current scientific research efforts, our work can be useful for both practitioners and academic researchers.

查看原文本刊更多论文

物联网黑客-入门

物联网(IoT)使许多新的和令人兴奋的应用成为可能，但它也产生了许多与信息安全相关的新风险。最近对物联网设备和系统的几次攻击表明，它们是出了名的不安全。研究还表明，大部分攻击导致对物联网设备的完全对抗性控制，其原因是物联网设备本身的保护很弱，它们往往无法抵抗最基本的攻击。物联网设备的渗透测试或道德黑客攻击可以帮助发现和修复其漏洞，如果这些漏洞被利用，可能会导致非常不希望的情况，包括损坏昂贵的物理设备，甚至造成人员伤亡。在本文中，我们对入侵物联网设备进行了基本介绍。我们概述了硬件黑客攻击、固件提取和解包以及执行基本固件分析的方法和工具。我们还提供了对更先进的固件分析方法的最新研究的调查，包括二进制文件的静态和动态分析、污点分析、模糊测试和符号执行技术。通过对实际方法和现成工具以及当前科学研究成果的概述，我们的工作对从业者和学术研究人员都很有用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Infocommunications Journal TELECOMMUNICATIONS-

CiteScore

1.90

自引率

27.30%

发文量